OK. I've modified the CPL for normal memory accesses(which includes TSS accesses) to be used, while all descriptor accesses by the CPU all execute at CPL 0(IDT/GDT/LDT reads and writes). That should fix that problem.
Oddly enough, nothing is stated about such behaviour in any documentation I can find?
Edit: TSS loading and saving has always been performed at CPL 0, although the CPL is applied to all other required privilege checks when task switching(e.g. the TSS descriptor DPL checking against RPL and CPL).
Edit: Having adjusted that, it's now still oddly triple faulting on the JEMM386.EXE I've taken from the floppy disk version of FreeDOS. It seems to be in Virtual 8086 mode, causing a fault because of some interrupt(Visual Studio won't let me know exactly where, just pointing to the end of the main interrupt function), the call stack giving a subfunction that's not called by the function directly(there's usually at least two sublayers in between(main interrupt handling -> CPU_GP, which either calls the triple fault handler(when combining invalid faults) or calls CPU_executionphase_startinterrupt, which calls CPU_OP, which starts a new interrupt phase and continues to call the new interrupt(back to the first step).
It's kind of odd that I don't see the actual fault being raised, thus unknown what's going wrong(I expect CPU_GP is called with error code 9, as that is what the interrupt error code within CPU_OP is reporting). So it's not an interrupt vector fault, but actually a CS load fault(as the stack switches are handled by another subfunction, which shouldn't have been optimized away afaik). So said CS which is using descriptor selector 0009h is causing a fault when loaded? But it's unknown why?
Edit: It seems the JEMM386.EXE Virtual 8086 monitor uses a flat 32-bit CS segment register, which wasn't supported yet in the limit checks on the resulting CS:EIP address. Having fixed that, the OS continues booting correctly(at least with JEMM386). 😁
Just tried actually using the EMS memory by running the NO$GMB emulator after loading the JEMM386 executable(and loading the VIDE-CDD CD-ROM drivers). Disk access itself(using simple DIR commands) seems to work properly, but running the emulator seems to crash it into hanging the CPU trying to load the C000(VGA ROM) segment in protected mode(by the Virtual 8086 Monitor itself)?
Edit: Also, the emulation speed drops dramatically(from ~14% to 2%) once having loaded the command prompt and/or CD-ROM drivers? Maybe something to do with the protected-mode interrupt handling being that slow?
Edit: It seems that was mainly because of Visual Studio's breakpoints(disabling them speeds it back up to 10%).